An in-depth guide to the changes your organisation needs to make to comply with the EU GDPR.

In May 2018, the GDPR will supersede the 1995 EU Data Protection Directive (DPD) and all EU member states’ national laws based on it.

All organisations – wherever they are in the world – that process the personal data of EU residents must comply with the Regulation. Failure to do so could result in fines of up to €20 million or 4% of annual global turnover – whichever is greater.

This book provides a detailed commentary on the GDPR, explains the changes you need to make to your data protection and information security regimes, and tells you exactly what you need to do to avoid severe financial penalties.

Product overview

Now in its second edition, EU GDPR – An Implementation and Compliance Guide is a clear and comprehensive guide to this new data protection law. It explains the Regulation and sets out the obligations of data processors and controllers in terms you can understand.

Topics covered include:

The data protection officer (DPO) role, including whether you need one and what they should do;

Risk management and data protection impact assessments (DPIAs), including how, when and why to conduct one;

Data subjects’ rights, including consent and the withdrawal of consent, subject access requests (SARs) and how to handle them, and data controllers and processors’ obligations;

International data transfers to ‘third countries’, including guidance on adequacy decisions and appropriate safeguards, the EU-US Privacy Shield, international organisations, limited transfers and Cloud providers;

How to adjust your data protection processes to comply with the GDPR, and the best way of demonstrating that compliance; and

A full index of the Regulation to help you find the articles and stipulations relevant to your organisation.

New in the second edition are:

Additional definitions;

Further guidance on the DPO role;

Greater clarification on data subjects’ rights;

Extra guidance on DPIAs;

More detailed information on SARs;

Clarification of consent and alternative lawful bases for processing personal data; and

An implementation FAQ appendix.

The GDPR will have a significant impact on organisations’ data protection regimes around the world. EU GDPR – An Implementation and Compliance Guide shows you what you need to do to comply with the new law.

About the authors

IT Governance is a leading global provider of IT governance, risk management and compliance expertise. We pride ourselves on delivering a broad range of integrated, high-quality solutions that meet the real-world needs of our international client base.

Our privacy team, led by Alan Calder, has substantial experience in privacy, data protection, compliance and information security. This practical experience, our understanding of the background and drivers for the GDPR, and the input of our fast-growing team of consultants and trainers are combined in this manual to provide the world’s ﬁrst guide to implementing the new data protection regulation.